We also have: fool, hoax, hoodwink, bamboozle, con, pull a fast one on, put one over on, gull, euchre, hornswoggle, or flim flam
if we want to be more precise.
No, it really doesn't. The fact that a user *can* change it is the only thing that matters. This is the issue with many (not all) devs in general. Say something they wrote isn't easy or is unintuitive and instead of fixing it they say "well nobody with a brain would do that" or "if they don't know how to figure it out then too bad for them". These are not valid comebacks.
Absolutely right. Our job as software developers is to write software that's invisible, because we are the only people that are interested in software and computers. Everyone else is interested in getting a job done. If our code gets in the way of that, then to some extent we have failed, and excuses or pointing a finger at competing OSes doesn't get the job done. No one said software was easy, and good UI code has to be among the hardest code to write simply because half of the human/computer interface is completely irrational .
who are you going to trust this to, some guy called bob on sourceforge, or a multi billion dollar company with resources to get you out of the shit?
Bob. At least I know his name, and can actually talk to him, the developer, before making a decision. Megacorp may have lots of resources, but they aren't my resources. They have an interest in getting me out of the shit only if they can profit from it and even then only if they can profit from it more than they can by expending those resources elsewhere. More likely in this situation their resources are going to be directed into their legal department to get them out of the shit. Bob, on the other hand, really wants his software to work well as a point of pride, and will be positively giddy to take the relatively small amount of money, compared to Megacorp's support contract, that we will offer him to fix his code right frickin now. Bob and 10 of his best buddies will be living on caffeine and sugar until they get a patch out the door because this is the brass ring, getting paid to work on code you otherwise would work on for free. Bob, because if he screws me then I and my large organization can crush him and his buddies like bugs. I'm not in a dominant position when doing business with Megacorp, I am with Bob, so from a very Machiavellian standpoint I'm better off doing business with Bob.
A good CMS to migrate to is Plone. I've been working the last few months with Plone and I love it! Plone is well structured and easy to develop for, the documentation on their site is a bit thin, and the documentation you can google is often outdated. However their IRC channel has plenty of nice peeps willing to help.
Plone is somewhat of a hairball, multiplied by the bits of Zope3 that have been included. If you look up "overengineering" or "java envy" in the dictionary, you will see the Zope3 logo. This is unfortunate because Plone has by far the best UI of any CMS that I've seen. And Zope2, while somewhat wooly, had some very interesting ideas in it. I would really like to like Plone, but even creating a new skin is a major undertaking, requiring the special buildout tools, and learning their special dictionary of CSS tags. It's very "One True Way". I'm not building a cathedral, just a website. I think a better tool in most cases is Django. The chief advantage is that it is less tightly coupled, making it easier to integrate other python products and just generally making it more approachable. YMMV.
You got the meme wrong. Security through obscurity alone is not enough, but obscurity in addition to other measures certainly helps. Or are you sugegsting that our secret CIA operatives inside the Taliban would be more effective if they stood up in the middle of prayers and announced they worked for the Agency?
Right. Most people just call this camouflage, and it's been an effective strategy for millions of years. In fact, it's been so effective that I have to question whether this aphorism is true at all, or if it's just being misapplied here. Certainly denying you have security holes in your code is a bad idea, particularly if the bad guys already know about them. But making a machine on a net appear to be something other than it is, that sounds pretty effective to me, if it's done right.